Do you know why managed laptop encryption software such as AlertBoot is better than some standalone solutions? Among many reasons, it's because the encryption cannot be overridden by anyone but the administrator. Any override has to be done from a central console.

This ensures, among other things, that a laptop stays encrypted once it is encrypted. Why would anyone try to disable encryption? For one, it might interfere with training.

The Department of Homeland Security (DHS) Office of Inspector General (OIG) finds in a report that the U.S. Citizenship and Immigration Services (USCIS) department has problems when it comes to the security of its laptop assets. The report found that:

6.5% of laptops did not use the latest service pack of their operating system

8% of laptops did not use the latest version of their encryption software

4.5% of laptops did not use encryption at all, or had it disabled

Regarding the last two points, USCIS noted that,

there were two situations where, by design, the standard USCIS encryption software was not active on the laptops: laptops used for classified processing and laptops used for training. USCIS staff noted that classified laptops do not use the standard encryption software, but rather the laptops used for classified processing conform to the rules of the classified system. When encryption software was running on training laptops, if a user rebooted, someone would need to be called to log in past encryption before the class could continue. According to USCIS staff, the training laptops do not need to be encrypted because they do not leave DHS facilities. [OIG report, OIG-12-83, May 2012]

The OIG answers in the same report that,

According to Directive 4300A, Information stored on any laptop computer or other mobile computing device that may be used in a residence or on travel shall use encryption.…

Laptop computers that are not running the most recent encryption software might not be adequately protecting the security and privacy of USCIS data, potentially putting data confidentiality, integrity, and availability at risk.

In other words -- as fiercegovernmentit.com noted -- there are no exceptions for instances where training gets slowed down because of reboots.

It's because of questionable judgments like these that users should not be allowed to decrypt their own laptops.

Have They Not Heard of Break Ins?

There are myriad reasons why a laptop used in a secure environment should be and stay encrypted. Reasons include theft and your spontaneous cases of laptopwentamissingitis, the condition where a laptop just disappears.

About sang_lee

Sang Lee is a Senior Account Manager and Security Analyst with AlertBoot, Inc., the leading
provider of managed endpoint security services, based in Las Vegas, NV. Mr. Lee helps with the deployment and ongoing
support of the AlertBoot disk encryption managed service.
Prior to working at AlertBoot, Mr. Lee served in the South Korean Navy. He holds both a B.S. and an M.S. from Tufts
University in Medford, Massachusetts, U.S.A.